File systems generally utilize a file system manager that may be included in an operating system, and provides access to files and/or directories that are managed in that file system. Such file system managers have some abilities to protect the data stored within the respective file systems. For example, an Access Control List or an Access Control Record associated with a directory or a file can be used to control whether a user may have read or write access to a directory or a file. Using such mechanisms, file access requests are received by a file system manager and from a caller (typically an application associated with a particular user or endpoint). The file access request may identify one or more directories and a file, and may determine that the caller does not have an appropriate access right (e.g., read or write access) associated with the file access request. The Access Control List or Record is accessed to determine if the caller has access rights to the file based on the request (e.g., read or write access). If the caller has adequate access rights, the file system manager may return a file handle to the caller for use. If the caller does not have adequate access rights, an error message is returned to the caller. In either case, the file or directory is visible to the user.
Existing file system manager capabilities have shortcomings with respect to protecting a directory or file from unauthorized access. For example, existing file system managers allow all users who can access a directory, using a user credential such as a user identification and password, to see all the directories and files included in that particular directory to which the user has access. Such knowledge of the presence or absence of a directory or file can be valuable to a hacker or an unauthorized user (e.g., due to names of files or directories, which may be indicative of contents or the value thereof). Accordingly, improvements in the area of file system manager security are desirable.